Skip to main content
Topic: kwallet asks for password again after login – with kwallet-pam installed (Read 467 times) previous topic - next topic
0 Members and 3 Guests are viewing this topic.

kwallet asks for password again after login – with kwallet-pam installed

Hi all,

until recently, kwallet worked fine in combination with kwallet-pam: I logged in, and the wallet was unlocked automatically.

Apparently, with some update, it now stopped working: After I login, I have to enter my password so that kwallet in unlocked.

I looked in /etc/pam.d/sddm. There, we have
Code: [Select]
...
-auth       optional    pam_kwallet5.so
...
-session    optional    pam_kwallet5.so         auto_start
...
(I never changed anything there)

Also removing the minuses at the pam_kwallet5.so lines doesn't change the behavior: I'm asked to enter a password after logging in. I also tried to delete my wallet and re-create it. Didn't help either.

What happened here? Thanks for all help!

EDIT: Okay, the dashes at the front only suppress logging if the respective module is not present. So this of course changes nothing … I also tried to "force-reset" kwallet by doing rm -rf ~/.local/share/kwalletd/* ~/.config/kwalletrc and starting over new – same. Kwallet-pam seems to be out of order.

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #1
Not a kwallet user, but which kwallet are you running - 5 or 6?

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #2
Both world/kwallet5 5.116.0-1 (kf5) and world/kwallet 6.5.0-1 (kf6) are installed.

I also can't remove kwallet5, as it is needed by kio5, which is needed by e.g. Marble etc.

How can I debug this? Nothing appears in syslog, neither can I find something in sddm.log …

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #3
How can I debug this? Nothing appears in syslog, neither can I find something in sddm.log …
If using X you can direct all xorg output to a log file like such:
Code: [Select]
startx -- -keeptty >~/.local/share/xorg/xorg.log 2>&1
KDE messages will be logged there.
You can fine tune the log level of individual KDE components with kdebugsettings.
If you use it do yourself a favour and save a copy of the current settings before you start changing them.

Edit: either disable sddm while you are doing this or find out how to get sddm to start X in the same fashion.

 

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #4
Correct me if I'm wrong – but if the kwallet-pam mechanism is triggered by an SDDM PAM config file and I bypass SDDM by starting KDE via startx and not via SDDM – won't I also bypass the whole kwallet-pam invocation?

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #5
Correct me if I'm wrong – but if the kwallet-pam mechanism is triggered by an SDDM PAM config file and I bypass SDDM by starting KDE via startx and not via SDDM – won't I also bypass the whole kwallet-pam invocation?
Yeah maybe. I don't use display managers.
As you are quite likely correct configure sddm to pass the same or similar arguments to X.
From a very brief look
Quote
ServerArguments=
    Arguments to the X server. Default value is "-nolisten tcp".
seems a likely candidate.

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #6
X and SDDM won't start at all with the "keeptty" option set … can I enable some PAM verbose logging maybe?!

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #7
X and SDDM won't start at all with the "keeptty" option set …
Lose the keeptty option then.
I simply copied and pasted (part of) how I autostart X.

The pertinent part is
Code: [Select]
>~/.local/share/xorg/xorg.log 2>&1
Which is bash's way of saying 'redirect stdout & stderr to the given file.
Maybe this approach won't work with sddm ? I've never tried.

As for debuging PAM. I'm confident you can. But I've never done so myself.

If you type
Code: [Select]
man pam
in a terminal and then hit Tab you'll see a large list of man pages for PAM and it's modules.
pam_debug pam_syslog & pam_exec might be worth a closer look ?

Hopefully someone who has actually debugged PAM will offer more detailed advice but I know no more than that.

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #8
There is another option to workaround the issue.
Change the kwallet default wallet to have an empty password.  (This is what I do)

Then you'll never get prompted for it!

Don't trust kwallet for any passwords you care about. imho.
Whether the wallet has a password or not once it gets opened it remains open for the whole session, unless you change the default settings. But if you do you'll be seeing that password prompt pop-up a lot.
And while the wallet is open any application running as your user can read all the passwords from it. Not just that applications own entries. And any one sat at your pc while you make a coffee etc. can see all your passwords through the wallet manager gui.

I've always had it mentally marked down as a annoyance which I don't trust.

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #9
Yeah, of course, I don't trust it ;-) I use pass for my real stuff.

But however, e.g. KMail and NetworkManager passwords are stored in KWallet, so I think I have to use it …

Re: kwallet asks for password again after login – with kwallet-pam installed

Reply #10
With the latest updates (as of today), it works again.

Heaven only knows what may have caused this …